Merge pull request #331 from bounswe/feature/BE-logout

Logout endpoint for backend
bounswe · Oct 21, 2024 · e607702 · e607702
2 parents 3f8ef13 + 3f5a550
commit e607702
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 3 deletions.
diff --git a/backend/backend/settings.py b/backend/backend/settings.py
@@ -35,6 +35,7 @@
     'onboarding',
     'drf_spectacular',
     'rest_framework',
+    'rest_framework_simplejwt',
     'rest_framework_simplejwt.token_blacklist',
 ]
 
@@ -116,6 +117,9 @@
 SIMPLE_JWT = {
     'ACCESS_TOKEN_LIFETIME': datetime.timedelta(days=1),
     'REFRESH_TOKEN_LIFETIME': datetime.timedelta(days=1),
+    'ROTATE_REFRESH_TOKENS': True,
+    'BLACKLIST_AFTER_ROTATION': True,
+    'TOKEN_BLACKLIST': True,  # Make sure this is included
 }
 
 # Internationalization

diff --git a/backend/onboarding/serializers.py b/backend/onboarding/serializers.py
@@ -53,4 +53,11 @@ class UserSerializer(serializers.HyperlinkedModelSerializer):
     class Meta:
         model = User
         fields = ['url', 'username', 'email']
-
+
+class LogoutSerializer(serializers.Serializer):
+    refreshToken = serializers.CharField(required=True, max_length=512)
+
+    def validate_refresh_token(self, value):
+        if not value:
+            raise serializers.ValidationError("Refresh token is required.")
+        return value
diff --git a/backend/onboarding/urls.py b/backend/onboarding/urls.py
@@ -14,4 +14,5 @@
     path('login/refresh/', TokenRefreshView.as_view(), name='login/refresh'),
     path('register/', RegisterView.as_view(), name='auth_register'),
     path('email-verify/', VerifyEmail.as_view(), name='email-verify'),
+    path('logout/', LogoutView.as_view(), name='logout')
     ]
diff --git a/backend/onboarding/views.py b/backend/onboarding/views.py
@@ -1,4 +1,4 @@
-from django.shortcuts import render
+from django.shortcuts import render, redirect
 from django.views.decorators.csrf import csrf_exempt
 from django.contrib.sites.shortcuts import get_current_site
 from django.urls import reverse
@@ -96,4 +96,35 @@ class UserViewSet(viewsets.ModelViewSet):
     queryset = User.objects.all()
     serializer_class = UserSerializer
     permission_classes = [permissions.IsAuthenticated]
-
+
+class LogoutView(generics.GenericAPIView):
+    permission_classes = (permissions.IsAuthenticated,)
+    serializer_class = LogoutSerializer
+
+    def post(self, request):
+        requestData = request.data
+        serializer = self.get_serializer(data=requestData)
+        serializer.is_valid(raise_exception=True)
+
+        refreshToken = requestData['refreshToken']
+
+        header = request.META.get('HTTP_AUTHORIZATION') # to get access token
+        accessToken = header.split()[1]
+
+
+        if refreshToken:
+            token = RefreshToken(refreshToken)
+            token.blacklist()
+
+            user = request.user  # to get user
+
+            #  -> will be used if we want to define our blacklist tokens 
+            # BlacklistedToken.objects.create(token=token, user=user)
+
+            # will forward user to homepage when its defined
+            # redirect("home")
+            return Response({"message": "Successfully logged out."}, status=status.HTTP_205_RESET_CONTENT)
+
+        return Response({"error": "No Authorization Header"}, status=status.HTTP_400_BAD_REQUEST)
+
+